Model risk management requires a high level of responsibilities and stepped-up efforts concerning model governance and model approval, model documentation and testing, ongoing performance monitoring, and proper management of the changes that occur in the model to complete the entire process of the model lifecycle.
Model risk in financial institutions should be managed throughout the model lifecycle. This process is made by the first line of defence, the model developers, the second line of defence, the model validators, and the third line of defence, auditors. A typical model lifecycle process consists of seven parts:
01 Model proposal:The first line of defence needs to understand what are the business requirements to implement. Afterwards, the second line of defence identifies any potential risks in introducing this new model.
02 Model development:In this stage, the first line of defence starts gathering data, formatting and cleaning the data. Afterwards, different modelling approaches are tried and based on the results, the final model is selected. Lastly, the methodology of calibrating or training the algorithm needs to be defined and implemented.
03 Pre-validation:The model needs to be tested rigorously by the first line of defence and the results must be documented.
04 Independent review:At this stage, the second line of defence analyzes all documentation that has been submitted until this moment. If the independent review is successful, the model life cycle process moves to stage 5 - Approval. If issues are detected, the process is moved back to the first line of defence where additional information needs to be generated.
05 Approval:Approvals are gathered by all stakeholders.
06 Implementation:A technical team implements the model into the production systems.
07 Validation & Reporting:In this last step, the second line of defence performs a final review of the model as it has been implemented in the production system to see if the model works as expected. If the model passes the validation, then it goes into production. Once the model is run in production, it will be monitored (which is typically a first line of defence responsibility).
Finally, whenever improvements or modifications are necessary for an already productionized model, the model enters the same lifecycle process again.